puma-simon 3.7.1

data/test/test_puma_server_ssl.rb

@@ -0,0 +1,222 @@
+require "test_helper"
+
+require "puma/events"
+
+class SSLEventsHelper < ::Puma::Events
+  attr_accessor :addr, :cert, :error
+
+  def ssl_error(server, peeraddr, peercert, error)
+    self.addr = peeraddr
+    self.cert = peercert
+    self.error = error
+  end
+end
+
+DISABLE_SSL = begin
+              Puma::MiniSSL.check
+            rescue
+              true
+            else
+              false
+            end
+
+class TestPumaServerSSL < Minitest::Test
+
+  def setup
+    return if DISABLE_SSL
+    @port = 3212
+    @host = "127.0.0.1"
+
+    @app = lambda { |env| [200, {}, [env['rack.url_scheme']]] }
+
+    @ctx = Puma::MiniSSL::Context.new
+
+    if Puma.jruby?
+      @ctx.keystore =  File.expand_path "../../examples/puma/keystore.jks", __FILE__
+      @ctx.keystore_pass = 'blahblah'
+    else
+      @ctx.key =  File.expand_path "../../examples/puma/puma_keypair.pem", __FILE__
+      @ctx.cert = File.expand_path "../../examples/puma/cert_puma.pem", __FILE__
+    end
+
+    @ctx.verify_mode = Puma::MiniSSL::VERIFY_NONE
+
+    @events = SSLEventsHelper.new STDOUT, STDERR
+    @server = Puma::Server.new @app, @events
+    @server.add_ssl_listener @host, @port, @ctx
+    @server.run
+
+    @http = Net::HTTP.new @host, @port
+    @http.use_ssl = true
+    @http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+  end
+
+  def teardown
+    return if DISABLE_SSL
+    @server.stop(true)
+  end
+
+  def test_url_scheme_for_https
+    return if DISABLE_SSL
+
+    body = nil
+    @http.start do
+      req = Net::HTTP::Get.new "/", {}
+
+      @http.request(req) do |rep|
+        body = rep.body
+      end
+    end
+
+    assert_equal "https", body
+  end
+
+  def test_very_large_return
+    return if DISABLE_SSL
+
+    giant = "x" * 2056610
+
+    @server.app = proc do
+      [200, {}, [giant]]
+    end
+
+    body = nil
+    @http.start do
+      req = Net::HTTP::Get.new "/"
+      @http.request(req) do |rep|
+        body = rep.body
+      end
+    end
+
+    assert_equal giant.bytesize, body.bytesize
+  end
+
+  def test_form_submit
+    return if DISABLE_SSL
+
+    body = nil
+    @http.start do
+      req = Net::HTTP::Post.new '/'
+      req.set_form_data('a' => '1', 'b' => '2')
+
+      @http.request(req) do |rep|
+        body = rep.body
+      end
+
+    end
+
+    assert_equal "https", body
+  end
+
+  def test_ssl_v3_rejection
+    return if DISABLE_SSL
+    @http.ssl_version='SSLv3'
+    assert_raises(OpenSSL::SSL::SSLError) do
+      @http.start do
+        Net::HTTP::Get.new '/'
+      end
+    end
+    unless Puma.jruby?
+      assert_match("wrong version number", @events.error.message) if @events.error
+    end
+  end
+
+end
+
+# client-side TLS authentication tests
+class TestPumaServerSSLClient < Minitest::Test
+
+  def assert_ssl_client_error_match(error, subject=nil, &blk)
+    @port = 3212
+    @host = "127.0.0.1"
+
+    @app = lambda { |env| [200, {}, [env['rack.url_scheme']]] }
+
+    @ctx = Puma::MiniSSL::Context.new
+    if Puma.jruby?
+      @ctx.keystore =  File.expand_path "../../examples/puma/client-certs/keystore.jks", __FILE__
+      @ctx.keystore_pass = 'blahblah'
+    else
+      @ctx.key = File.expand_path "../../examples/puma/client-certs/server.key", __FILE__
+      @ctx.cert = File.expand_path "../../examples/puma/client-certs/server.crt", __FILE__
+      @ctx.ca = File.expand_path "../../examples/puma/client-certs/ca.crt", __FILE__
+    end
+    @ctx.verify_mode = Puma::MiniSSL::VERIFY_PEER | Puma::MiniSSL::VERIFY_FAIL_IF_NO_PEER_CERT
+
+    events = SSLEventsHelper.new STDOUT, STDERR
+    @server = Puma::Server.new @app, events
+    @server.add_ssl_listener @host, @port, @ctx
+    @server.run
+
+    @http = Net::HTTP.new @host, @port
+    @http.use_ssl = true
+    @http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+
+    blk.call(@http)
+
+    client_error = false
+    begin
+      @http.start do
+        req = Net::HTTP::Get.new "/", {}
+        @http.request(req)
+      end
+    rescue OpenSSL::SSL::SSLError
+      client_error = true
+    end
+
+    sleep 0.1
+    assert_equal !!error, client_error
+    # The JRuby MiniSSL implementation lacks error capturing currently, so we can't inspect the
+    # messages here
+    unless Puma.jruby?
+      assert_match error, events.error.message if error
+      assert_equal @host, events.addr if error
+      assert_equal subject, events.cert.subject.to_s if subject
+    end
+  ensure
+    @server.stop(true)
+  end
+
+  def test_verify_fail_if_no_client_cert
+    return if DISABLE_SSL
+
+    assert_ssl_client_error_match 'peer did not return a certificate' do |http|
+      # nothing
+    end
+  end
+
+  def test_verify_fail_if_client_unknown_ca
+    return if DISABLE_SSL
+
+    assert_ssl_client_error_match('self signed certificate in certificate chain', '/DC=net/DC=puma/CN=ca-unknown') do |http|
+      key = File.expand_path "../../examples/puma/client-certs/client_unknown.key", __FILE__
+      crt = File.expand_path "../../examples/puma/client-certs/client_unknown.crt", __FILE__
+      http.key = OpenSSL::PKey::RSA.new File.read(key)
+      http.cert = OpenSSL::X509::Certificate.new File.read(crt)
+      http.ca_file = File.expand_path "../../examples/puma/client-certs/unknown_ca.crt", __FILE__
+    end
+  end
+
+  def test_verify_fail_if_client_expired_cert
+    return if DISABLE_SSL
+    assert_ssl_client_error_match('certificate has expired', '/DC=net/DC=puma/CN=client-expired') do |http|
+      key = File.expand_path "../../examples/puma/client-certs/client_expired.key", __FILE__
+      crt = File.expand_path "../../examples/puma/client-certs/client_expired.crt", __FILE__
+      http.key = OpenSSL::PKey::RSA.new File.read(key)
+      http.cert = OpenSSL::X509::Certificate.new File.read(crt)
+      http.ca_file = File.expand_path "../../examples/puma/client-certs/ca.crt", __FILE__
+    end
+  end
+
+  def test_verify_client_cert
+    return if DISABLE_SSL
+    assert_ssl_client_error_match(nil) do |http|
+      key = File.expand_path "../../examples/puma/client-certs/client.key", __FILE__
+      crt = File.expand_path "../../examples/puma/client-certs/client.crt", __FILE__
+      http.key = OpenSSL::PKey::RSA.new File.read(key)
+      http.cert = OpenSSL::X509::Certificate.new File.read(crt)
+      http.ca_file = File.expand_path "../../examples/puma/client-certs/ca.crt", __FILE__
+      http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+    end
+  end
+end

data/test/test_rack_handler.rb

@@ -0,0 +1,57 @@
+require "test_helper"
+
+require "rack/handler/puma"
+
+class TestPumaUnixSocket < Minitest::Test
+  def test_handler
+    handler = Rack::Handler.get(:puma)
+    assert_equal Rack::Handler::Puma, handler
+    handler = Rack::Handler.get('Puma')
+    assert_equal Rack::Handler::Puma, handler
+  end
+end
+
+class TestPathHandler < Minitest::Test
+  def app
+    Proc.new {|env| @input = env; [200, {}, ["hello world"]]}
+  end
+
+  def setup
+    @input = nil
+  end
+
+  def in_handler(app, options = {})
+    options[:Port] ||= 0
+    options[:Silent] = true
+
+    @launcher = nil
+    thread = Thread.new do
+      Rack::Handler::Puma.run(app, options) do |s, p|
+        @launcher = s
+      end
+    end
+    thread.abort_on_exception = true
+
+    # Wait for launcher to boot
+    Timeout.timeout(10) do
+      until @launcher
+        sleep 1
+      end
+    end
+    sleep 1
+
+    yield @launcher
+  ensure
+    @launcher.stop if @launcher
+    thread.join  if thread
+  end
+
+
+  def test_handler_boots
+    in_handler(app) do |launcher|
+      hit(["http://0.0.0.0:#{ launcher.connected_port }/test"])
+      assert_equal("/test", @input["PATH_INFO"])
+    end
+  end
+
+end

data/test/test_rack_server.rb

@@ -0,0 +1,138 @@
+require "test_helper"
+
+require "rack"
+
+class TestRackServer < Minitest::Test
+
+  class ErrorChecker
+    def initialize(app)
+      @app = app
+      @exception = nil
+      @env = nil
+    end
+
+    attr_reader :exception, :env
+
+    def call(env)
+      begin
+        @env = env
+        return @app.call(env)
+      rescue Exception => e
+        @exception = e
+
+        [
+          500,
+          { "X-Exception" => e.message, "X-Exception-Class" => e.class.to_s },
+          ["Error detected"]
+        ]
+      end
+    end
+  end
+
+  class ServerLint < Rack::Lint
+    def call(env)
+      assert("No env given") { env }
+      check_env env
+
+      @app.call(env)
+    end
+  end
+
+  def setup
+    @valid_request = "GET / HTTP/1.1\r\nHost: test.com\r\nContent-Type: text/plain\r\n\r\n"
+
+    @simple = lambda { |env| [200, { "X-Header" => "Works" }, ["Hello"]] }
+    @server = Puma::Server.new @simple
+    @server.add_tcp_listener "127.0.0.1", 0
+
+    @stopped = false
+  end
+
+  def stop
+    @server.stop(true)
+    @stopped = true
+  end
+
+  def teardown
+    @server.stop(true) unless @stopped
+  end
+
+  def test_lint
+    @checker = ErrorChecker.new ServerLint.new(@simple)
+    @server.app = @checker
+
+    @server.run
+
+    hit(["http://127.0.0.1:#{ @server.connected_port }/test"])
+
+    stop
+
+    if exc = @checker.exception
+      raise exc
+    end
+  end
+
+  def test_large_post_body
+    @checker = ErrorChecker.new ServerLint.new(@simple)
+    @server.app = @checker
+
+    @server.run
+
+    big = "x" * (1024 * 16)
+
+    Net::HTTP.post_form URI.parse("http://127.0.0.1:#{ @server.connected_port }/test"),
+                 { "big" => big }
+
+    stop
+
+    if exc = @checker.exception
+      raise exc
+    end
+  end
+
+  def test_path_info
+    input = nil
+    @server.app = lambda { |env| input = env; @simple.call(env) }
+    @server.run
+
+    hit(["http://127.0.0.1:#{ @server.connected_port }/test/a/b/c"])
+
+    stop
+
+    assert_equal "/test/a/b/c", input['PATH_INFO']
+  end
+
+  def test_after_reply
+    closed = false
+
+    @server.app = lambda do |env|
+      env['rack.after_reply'] << lambda { closed = true }
+      @simple.call(env)
+    end
+
+    @server.run
+
+    hit(["http://127.0.0.1:#{ @server.connected_port }/test"])
+
+    stop
+
+    assert_equal true, closed
+  end
+
+  def test_common_logger
+    log = StringIO.new
+
+    logger = Rack::CommonLogger.new(@simple, log)
+
+    @server.app = logger
+
+    @server.run
+
+    hit(["http://127.0.0.1:#{ @server.connected_port }/test"])
+
+    stop
+
+    assert_match %r!GET /test HTTP/1\.1!, log.string
+  end
+
+end

data/test/test_tcp_logger.rb

@@ -0,0 +1,39 @@
+require "test_helper"
+
+require "puma/events"
+require "puma/tcp_logger"
+
+class TestTCPLogger < Minitest::Test
+
+  def setup
+    @events = Puma::Events.new STDOUT, STDERR
+    @server = Puma::Server.new nil, @events
+
+    @server.app = proc { |env, socket|}
+    @server.tcp_mode!
+
+    @socket = nil
+  end
+
+  def test_events
+    # in lib/puma/launcher.rb:85
+    # Puma::Events is default tcp_logger for cluster mode
+    logger = Puma::Events.new(STDOUT, STDERR)
+    out, err = capture_subprocess_io do
+      Puma::TCPLogger.new(logger, @server.app).call({}, @socket)
+    end
+    assert_match(/connected/, out)
+    assert_equal('', err)
+  end
+
+  def test_io
+    # in lib/puma/configuration.rb:184
+    # STDOUT is default tcp_logger for single mode
+    logger = STDOUT
+    out, err = capture_subprocess_io do
+      Puma::TCPLogger.new(logger, @server.app).call({}, @socket)
+    end
+    assert_match(/connected/, out)
+    assert_equal('', err)
+  end
+end